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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1 )03 Responsive to communication(s) filed on 13 April 2004 . 
2a)(3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 2-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H Claim(s) 2-22 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Response to Arguments 



1 . Applicant has submitted no amendments to claims 2-21 . New claim 22 has been 
added. Claim 22 merely recites a computer program product of claim 12. All of the 
limitations of claim 22 are identical to those of claim 1 5 dependent on 12, therefore prior 
art of record applies to claim 22 in the same manner as to claims 12 and 15 as stated in 
the rejection herein. 

2. Referring to independent claims 2,8,12 and 18, Applicant argues that the prima 
face case of obviousness has not been sufficiently established since there are some 
differences between the claimed invention and the prior art of record. Examiner 
respectfully disagrees and points out that while there may be some technical features 
of Applicant invention that are different from prior art of record, they are not sufficiently 
reflected in the claims. Examiner uses broad but reasonable interpretation of the claim 
language. For example the limitation: 

" generating a server authentication request at the client; 

transmitting the server authentication request to the server " 
is met by a logon ID transmitted from the client workstation to the server 
workstation (see Fig.2. block 31). The limitation "...receiving an encrypted server 
authentication response from the server..." is met by encrypted password 
received from the server workstation (see Fig. 2, block 35). The limitation 
"...decrypting the server authentication response..." is met by password entered 
by the user at workstation (1 1 in Fig.1), which is used to decrypt the encrypted 
password received from the server workstation (see Fig.2, block 35). 
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3. Applicant further argues that the motivation to combine references is taken form 
Applicant' disclosure and based on hindsight reasoning. Examiner respectfully 
disagrees and points that while Kung does not teach disabling client 

functions if the server is not authorized to provide resource to the client, 

McAuliffe discloses an advertisement authentication system, in which advertisements 

are downloaded for off-line display (see abstract and Fig. 1A). McAuliffe shows a client 

computer connected to the server computers over the network (see units 2 and 20, 22, 

24, 25, 27 in Fig. 1 A). McAuliffe teaches advertisement authentication system capable 

of detecting various forms of advertisement and statistics file 

tampering. McAuliffe teaches that client software disabling are instituted 

after multiple incidents of "tampering" are detected within a short time period (see 

column 11, lines 9-12). 

Examiner maintains, that one of ordinary skill in the art would have been motivated 
to disable client functions in case of a negative result of authentication as taught 
in McAuliffe for making sure that the advertisements are properly displayed at a 
remote computer (see McAuliffe, abstract). As shown, here the motivation to combine 
the teachings of Kung with those of McAuliffe is taken directly form teachings of 
McAuliffe and not from the Applicant's disclosure. 

4. Applicant states that even assuming arguendo that the combination of Kung with 
McAuliffe is proper, they fail to tech or suggest all of the limitations of the independent 
claims 2, 8, 12 and 18 as well as dependent claims 7 and 17. Examiner once again 
points out that appropriately broad interpretation of the claims is applied. It was 
explicitly stated in the first Office Action, and repeated herein, that limitations of the 
instant claims are met by the elements of the prior art. 

5. Rejection of claim 2-22 is maintained. 
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Claim Rejections - 35 USC § 103 



6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 2-5, 7-10, 12-15, 16-20 and 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Kung (U.S. Patent No. 5.434.918) in view of McAuliffe (U.S. 
Patent No. 5.838.790). 

8. Referring to the instant claims Kung discloses a method for providing 
mutual authentication of a user and a server on a network (see abstract and 



Kung teaches a mutual authentication method for use in authenticating a user 
that operates a client workstation that is coupled to a file server workstation 
having a password file comprising a password known to the user (see Fig. 1 and 
column 1 , lines 47-50). Kung teaches that the method comprises the 
following steps: A logon ID is transmitted from the client workstation to the server 
workstation. The stored user password corresponding to the user ID is retrieved 
using the transmitted logon ID is retrieved from the password file. A random 
number is created that is encrypted by a symmetric encryption algorithm on the 
server workstation using the retrieved user password, and which provides an 
encrypted password. The user is then requested to enter the password into the 
user workstation. The entered password is used to decrypt the encrypted 
password received from the server workstation and retrieve the random number 



Fig.1). 
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therefrom to authenticate the server workstation. The random number is then 
used as the encryption and decryption key for communication between the user 
and server workstations. An encrypted message is transmitted using the random 
number from the client workstation to the server workstation. The encrypted 
message is decrypted at the server workstation to authenticate the user (see 
column 1, lines 53-68). 

9. Referring to claims 2 t 5, 8, 12,15, 18, 20 and 22 the limitation 
" generating a server authentication request at the client; 

transmitting the server authentication request to the server " 
is met by a logon ID transmitted from the client workstation to the server 
workstation (see Fig. 2. block 31). The limitation "...receiving an encrypted server 
authentication response from the server..." is met by encrypted password 
received from the server workstation (see Fig. 2, block 35). The limitation 
"...decrypting the server authentication response..." is met by password entered 
by the user at workstation (1 1 in Fig.1), which is used to decrypt the encrypted 
password received from the server workstation (see Fig.2, block 35). 
Kung, however, does not explicitly teach disabling client functions if the 
server is not authorized to provide resource to the client. 

10. Referring to the instant claims, McAuliffe discloses an advertisement 
authentication system in which advertisements are downloaded for off-line 
display (see abstract and Fig. 1 A). McAuliffe shows a client computer connected 
to the server computers over the network (see units 2 and 20, 22, 24, 25, 27 in 
Fig. 1 A). McAuliffe teaches advertisement authentication system capable 

of detecting various forms of advertisement and statistics file 

tampering. McAuliffe teaches that client software disabling are instituted 

after multiple incidents of "tampering" are detected within a short time period (see 
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column 1 1 , lines 9-1 2). Therefore, at the time the invention was made, it would 
have been obvious to one of ordinary skill in the art to modify the system for 
authentication of a user and a server on a network of Kung by disable client 
functions in case of detection of tempering (i.e. negative result of authentication) 
as taught in McAuliffe. One of ordinary skill in the art would have been motivated 
to disable client functions in case of a negative result of authentication as taught 
in McAuliffe for making sure that the advertisements are properly displayed at a 
remote computer (see McAuliffe, abstract). 

1 1 . Referring to claim 4, 8, 9,14, 18 and 19 the limitations "disable one or more 
functions until after a grace period" and " after an allotted period of time..." is met 
by disabling client functions after a number of incidents of "tampering" in a time 
period (see McAuliffe, column 11, lines 9 -12). 

12. Referring to claims 5 and 10, McAuliffe shows the client authenticating the 
downloads from multiple servers (see units 2 and 20, 22, 24, 25, 27 in Fig. 1 A). 

13. Referring to claim 7 and 17, Kung teaches that a random number is 
created that is encrypted by a symmetric encryption algorithm on the server 
workstation using the retrieved user password, and which provides an encrypted 
password (column 1, lines 53-68). 

14. Claims 6, 11, 16 and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kung (U.S. Patent No. 5.434.918) in view of McAuliffe (U.S. 
Patent No.5.838.790) and further in view Guthrie (U.S. Patent No. 6.161.185). 

15. Referring to the instant claims, Kung and McAuliffe teach disabling client 
functions when server authentication response fails to indicate that server is 
authorized to provide resources. Kung and McAuliffe, however, do not explicitly 
teach determining when a subsequent authentication response should occur 
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based on expiration information. 

16. Referring to the instant claims, Guthrie discloses personal 
authentication system and method for multiple computer platform (see abstract). 
Guthrie shows a client-server system (see Figs. 1 A and 1 B). Guthrie teaches 
determining weather authentication request had been made during the 
expiration notification time (see column 9, lines 40-55). Therefore, at the time the 
invention was made, it would have been obvious to one of ordinary skill in the art 
to have a server authentication response of Kung and McAuliffe 
comprising expiration information and to determine weather authentication 
response had occurred as taught in Guthrie. One of ordinary skill in the art would 
have been motivated to have a server authentication response of Kung and 
McAuliffe comprising expiration information and to determine weather 
authentication response had occurred as taught in Guthrie for allowing a user 
to attempt to authenticate himself for a configurable number of 
allowances after his password expiration time value has passed (see 
Guthrie column 9, lines 50-55). 



17. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 



Conclusion 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Grigory Gurshman whose telephone number is (703) 
306-2900. The examiner can normally be reached on 9 AM-5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 




Grigory Gurshman 

Examiner 

Art Unit 2132 



April 26, 2004 
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GILBERTO BARRON f 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




